http://forum.xda-developers.com/showthread.php?t=2365294
here is the full details about master key exploit fix
SnooperStopper
Android device encryption password manager and failed unlock attempts monitor
SnooperStopper allows you to have different device encryption password than
screen unlock pattern/PIN/password. You can have strong device encryption
password (which you only need to enter once after booting your device) but
simple pattern/PIN/password for unlocking your screen.
If attacker tries to guess your simple pattern/PIN/password, he has only
few tries (default is 3) after which the device is rebooted and he needs
to enter your strong device encryption password again.
Where to get it:
Google Play
Eutopia.cz F-Droid Repository
Project on GitHub
Why is it needed:
Android always sets device encryption password same as screen unlock pattern/PIN/password.
This is very unfortunate, because you should have encryption password as strong
as possible, but nobody wants to enter long password all the time just to unlock screen.
There is Android issue #29468
requesting different passwords for encryption and screen lock, but it seems to be
ignored by Google (it is there from 2012 and recently marked Obsolete by Google).
How to use it:
After installation, start SnooperStopper and grant it superuser permissions. Then
enable device admin in app, which allows SnooperStopper to monitor failed screen
unlock attempts and reboot device if maximum number is exceeded.
Whenever you change your screen unlock pattern/PIN/password, Android also changes
your device encryption password, so you have to set your strong encryption
password again. SnooperStopper automatically opens window where you can change it
right after you change your screen unlock pattern/PIN/password, so you should never
forget about it.
Requirements:
Android >= 4.0.3
enabled device encryption (Settings => Security => Encrypt phone )
root (Android doesn't allow apps to change device encryption password or reboot your device without root access)
Credits:
Whole device encryption password changing code is taken from Nikolay Elenkov's
Cryptfs Password Manager.
XDA:DevDB Information
SnooperStopper, App for all devices (see above for details)
Contributors
Mikos, Nikolay Elenkov
Source Code: https://github.com/xmikos/SnooperStopper
Version Information
Status: Stable
Current Stable Version: 1.3
Stable Release Date: 2016-03-21
Created 2015-07-13
Last Updated 2016-03-21
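The failed-unlock monitoring described in the post above, sketched as an added example (not SnooperStopper's own code): an Android device-admin receiver that reboots the device once the system's failed-attempt counter reaches the limit. The package, class and tag names are hypothetical, and it assumes the `<watch-login/>` policy is declared in the device-admin XML, the user has enabled the admin, and an `su` binary has granted the app root.

```java
package com.example.unlockguard; // hypothetical package name

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

import java.io.IOException;

/**
 * Reboots the device after too many failed screen unlocks, so that the
 * strong device encryption password is required again at boot.
 */
public class UnlockGuardReceiver extends DeviceAdminReceiver {
    private static final String TAG = "UnlockGuard"; // hypothetical log tag

    // The post gives 3 as the default number of allowed tries.
    private static final int MAX_FAILED_ATTEMPTS = 3;

    @Override
    public void onPasswordFailed(Context context, Intent intent) {
        DevicePolicyManager dpm = (DevicePolicyManager)
                context.getSystemService(Context.DEVICE_POLICY_SERVICE);

        // The system keeps this counter and resets it on a successful unlock,
        // so the receiver does not need to persist its own state.
        int failed = dpm.getCurrentFailedPasswordAttempts();
        Log.w(TAG, "Failed unlock attempt " + failed + " of " + MAX_FAILED_ATTEMPTS);

        if (failed >= MAX_FAILED_ATTEMPTS) {
            rebootAsRoot();
        }
    }

    private void rebootAsRoot() {
        try {
            // Assumption: root was granted earlier; without it this call fails
            // and the device simply stays on the lock screen.
            Runtime.getRuntime().exec(new String[] {"su", "-c", "reboot"});
        } catch (IOException e) {
            Log.e(TAG, "Could not run reboot through su", e);
        }
    }
}
```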
Hello,
Thanks for your great tool, this really fills the gap between a safe encrypted and an everyday easy to use device.
Unfortunately I can't change the encryption password on my maguro galaxy nexus device.
When I try to change my encryption password I get the message cannot get super access
For a short time the root access symbol lights up and disappears.
Snooper Stopper is listed in the device admin list. My nexus (which runs on slim rom lollipop ) asked me whether I would like to give root access to snooper stopper and I agreed.
I'd really like to help to fix this bug so I can use your tool.
Many greetings
Michael
P.S. Already opened an issue at github before I found this thread on xda
mischasworld said:
Unfortunately I can't change the encryption password on my maguro galaxy nexus device.
When I try to change my encryption password I get the message cannot get super access
For a short time the root access symbol lights up and disappears.
Snooper Stopper is listed in the device admin list. My nexus (which runs on slim rom lollipop ) asked me whether I would like to give root access to snooper stopper and I agreed.
Like I said on GitHub (writing it also here for reference):
It is a problem with SELinux policy. If you have Android >= 5.0, you also need the sepolicy-inject utility (you can find it here: setools-android with sepolicy-inject) or supolicy (part of SuperSU - but SuperSU is not open source, so I highly discourage it).
New version 1.3 is compatible with Android 6 and CyanogenMod 13. Also starting from version 1.1 sepolicy-inject tool is included into SnooperStopper, so you don't need to install any external utility.
Disclaimer:
I am not responsible for bricked devices or you getting fired because the alarm app failed. Please do some research before making any system modification. You are choosing to make these changes at your own risk and if you point the finger at me for messing up your device, I will laugh at you.
I noticed that most users wanted to have the Pixel Experience for this device and one main reason why we don't was because of those hardware keys, which are not in line with Google's stock Android.
Thanks to @Tulsadiver for providing the zip which works fine with a/b partition, giving me less work to do.
Below, you'll find how to:
- Enable On-Screen Navigation Bar
- Disable Hardware Capacitive Keys
- Disable Hardware Capacitive Key Lights
- Install Pixel Navigation Bar with animation
Your device needs to be rooted and with TWRP installed
A file manager app with root access
There is no other way to achieve this without having root access
1. To enable on-screen navigation bar:
Navigate to this path: root/system/
Edit the file: build.prop
Insert below code anywhere or at the bottom then save changes.
qemu.hw.mainkeys=0
2. To disable hw keys:
Navigate to this path: root/system/usr/keylayout/
Edit the file: ft5435_ts.kl
At the bottom you'll find below:
key 139 MENU VIRTUAL
key 172 HOME VIRTUAL
key 158 BACK VIRTUAL
To disable those, just put # before the word "key" then save changes.
3. To disable hw key lights:
Navigate to this path: sys/devices/soc/leds-qpnp-10/leds/button-backlight/
Edit the values of below from 10 to 0 then save changes
brightness
max_brightness
Reboot your device for the changes to take effect.
To enable Pixel Navigation Bar with animation, just download the file: [PORT]PixelNavBar-tissot.zip and flash it via TWRP.
(Note: the ozop.zip file is to revert back the changes)
When I try to open the brightness and max_brightness with MiXplorer I get a "failed" message. I am rooted using CFAutoroot.
tosmopolitan said:
When I try to open the brightness and max_brightness with MiXplorer I get a "failed" message. I am rooted using CFAutoroot.
Use x-plore app from Play Store.
MarkerBeanXDA said:
Use x-plore app from Play Store.
Thanks, worked perfectly!!
MarkerBeanXDA said:
I noticed that most users wanted to enable the on-screen navigation bar and disable the hardware keys including its light to get a better stock android experience.
Below you'll find the steps on how to do just that:
First of all, you need to be rooted and install a file manager app with root access
There is no other way to achieve this without having root access.
1. To enable on-screen navigation bar:
Navigate to this path: root/system/
Edit the file: build.prop
Insert below code anywhere or at the bottom then save changes.
qemu.hw.mainkeys=0
2. To disable hw keys:
Navigate to this path: root/system/usr/keylayout/
Edit the file: ft5435_ts.kl
At the bottom you'll find below:
key 139 MENU VIRTUAL
key 172 HOME VIRTUAL
key 158 BACK VIRTUAL
To disable those, just put # before the word "key" then save changes.
3. To disable hw key lights:
Navigate to this path: sys/devices/soc/leds-qpnp-10/leds/button-backlight/
Edit the values of below from 10 to 0 then save changes
brightness
max_brightness
Reboot your device for the changes to take effect.
Nice
But when we reboot, Lights are enabled.
We have to bring down max brightness to 0 once again.
Is there any permanent method to disable backlight?
Wow thanks. Can you also guide on how to enable night light?
Vasu Netha said:
Nice
But when we reboot, Lights are enabled.
We have to bring down max brightness to 0 once again.
Is there any permanent method to disable backlight?
Are you rooted with CF-Auto-Root?
MarkerBeanXDA said:
Are you rooted with CF-Auto-Root?
Yes
Vasu Netha said:
Nice
But when we reboot, Lights are enabled.
We have to bring down max brightness to 0 once again.
Is there any permanent method to disable backlight?
same problem, how to permanently off the button light?
NavBar not giving animation
I recently tried this method to add the nav button. Then I installed Xposed and the Pixel nav button module, but the animation is not running well. On my other device the home button's ring rotates while charging, but on the Mi A1 it's not animating.
How to swap back and recent key?
Please find out a way to disable hw key lights permanently..
Ripon Raihan said:
Please find out a way to disable hw key lights permanently..
Looking into it.
Aman301582 said:
How to swap back and recent key?
Try swapping their values.
key 139 BACK VIRTUAL
key 172 HOME VIRTUAL
key 158 MENU VIRTUAL
MarkerBeanXDA said:
Try swapping their values.
key 139 BACK VIRTUAL
key 172 HOME VIRTUAL
key 158 MENU VIRTUAL
Swap is working!
Ripon Raihan said:
same problem, how to permanently off the button light?
Pretty sure you change the permission to read only so the system can't edit it. Could be wrong. Do it at your own risk.
envy63 said:
I recently tried this method to add the nav button. Then I installed Xposed and the Pixel nav button module, but the animation is not running well. On my other device the home button's ring rotates while charging, but on the Mi A1 it's not animating.
Try to flash the zip provided in this thread instead
Can you create a magisk version?
+1 for a Magisk version
another +1 for a magisk version
What this means is that we may be able to take advantage of this to gain root access long enough to boot twrp and root it permanently, so anyone who knows enough, can you please work to make this possible?
Nokia just pushed out the April security patch.
Help please
Temporary root by [email protected]
Home URL:
Amazing Temp Root for MediaTek ARMv8 [2020-08-24]
Software root method for MediaTek MT67xx, MT816x, and MT817x! So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I...
forum.xda-developers.com
--------------------------------------------------
Temporary root by [email protected]
Home URL:
Amazing Temp Root for MediaTek ARMv8 [2020-08-24]
Software root method for MediaTek MT67xx, MT816x, and MT817x! So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I...
forum.xda-developers.com
--------------------------------------------------
Failed critical init step 1
exit: 1
My advice: Post your issue in thread you linked to.
Patulong69 said:
Help please
Temporary root by [email protected]
Home URL:
Amazing Temp Root for MediaTek ARMv8 [2020-08-24]
Software root method for MediaTek MT67xx, MT816x, and MT817x! So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I...
forum.xda-developers.com
--------------------------------------------------
Temporary root by [email protected]
Home URL:
Amazing Temp Root for MediaTek ARMv8 [2020-08-24]
Software root method for MediaTek MT67xx, MT816x, and MT817x! So it's no big secret that not too long ago, I found a way to achieve temporary root on MediaTek chipsets. No preinstalled root solution or device unlock was needed. The tool I...
forum.xda-developers.com
--------------------------------------------------
Failed critical init step 1
exit: 1
Did you finally resolve this?
I'd like to know
I too have this issue
Basically I believe it means the 'bug' this patch exploited has been nailed shut
[android-security-discuss] Apply for key attestation for hardware-backed keystore authentication
android-security-discuss.narkive.com
It says in this link that the TEE attestation keys aren't generated in the TEE and are batch keys issued by a keymaster? So, if the manufacturer has access to your phone's individual key, should they be able to restore it to your device if your bootloader has stayed locked with all official software installed?
Perhaps we might have the ability to regenerate our own keys? They appear to be generated by the secure bootloader and the attestation key seems to change on updates. So, if we give the generator what it needs from the secure bootloader (Which shouldn't be lost if it stays locked), the Android version, and patch level could we generate a new key, like what the system seems to do on the very first boot?
Keymaster Functions | Android Open Source Project
source.android.com
AFAIK the hash keys stored in the vbmeta files are generated when manufacturers compile Android for their phones. Also Android's boot.img gets signed by OEM.
Maybe by means of AVB2TOOL you can regenerate the vbmeta files on your own, based on the installed Android. But IDK.
FYI: On device's very 1st boot the ANDROID_ID key gets generated, not the vbmeta files.